[Secure-testing-commits] r16272 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Mar 1 08:48:53 UTC 2011
Author: jmm
Date: 2011-03-01 08:48:47 +0000 (Tue, 01 Mar 2011)
New Revision: 16272
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
ruby fixed/not-affected/no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-01 08:38:36 UTC (rev 16271)
+++ data/CVE/list 2011-03-01 08:48:47 UTC (rev 16272)
@@ -280,16 +280,20 @@
RESERVED
CVE-2011-1005 [Ruby Exception methods can bypass $SAFE]
RESERVED
- - ruby1.8 1.8.7.334-1
- - ruby1.9 <removed>
- - ruby1.9.1 <unfixed>
- TODO: check
+ - ruby1.8 1.8.7.334-1 (bug #615517)
+ [lenny] - ruby1.8 <no-dsa> (Minor issue)
+ [squeeze] - ruby1.8 <no-dsa> (Minor issue)
+ - ruby1.9 <not-affected>
+ - ruby1.9.1 <not-affected>
CVE-2011-1004 [Ruby FileUtils.remove_entry_secure symlink attack]
RESERVED
- - ruby1.8 1.8.7.334-1
- - ruby1.9 <removed>
- - ruby1.9.1 <unfixed>
- TODO: check
+ - ruby1.8 1.8.7.334-1 (bug #615518)
+ [lenny] - ruby1.8 <no-dsa> (Minor issue)
+ [squeeze] - ruby1.8 <no-dsa> (Minor issue)
+ - ruby1.9 <removed> (bug #615519)
+ [lenny] - ruby1.9 <no-dsa> (Minor issue)
+ [squeeze] - ruby1.9 <no-dsa> (Minor issue)
+ - ruby1.9.1 1.9.2.180-1 (bug #615519)
CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...)
- clamav 0.97+dfsg-1
[lenny] - clamav <end-of-life>
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-03-01 08:38:36 UTC (rev 16271)
+++ data/ospu-candidates.txt 2011-03-01 08:48:47 UTC (rev 16272)
@@ -504,11 +504,13 @@
--
-ruby1.8 (CVE-2010-0541)
+ruby1.8 (CVE-2010-0541, CVE-2011-1004, CVE-2011-1005)
+#615517, #615518
--
-ruby1.9 (CVE-2010-0541)
+ruby1.9 (CVE-2010-0541, CVE-2011-1004)
+#615519
--
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-03-01 08:38:36 UTC (rev 16271)
+++ data/spu-candidates.txt 2011-03-01 08:48:47 UTC (rev 16272)
@@ -69,6 +69,16 @@
--
+ruby1.8 (CVE-2011-1004, CVE-2011-1005)
+#615517, #615518
+
+--
+
+ruby1.9 (CVE-2011-10045B)
+#615519
+
+--
+
stunnel (CVE-2011-XXXX)
http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
More information about the Secure-testing-commits
mailing list